I have been trying to setup authentication for Various ERS 8600 running secure image 7.1.0.104 with a Windows server 2012 R2 Radius. My current configuration works on the Cisco devices and Brocade switches I have on the network but it does not work on the Avaya. I have follow the only guide I have found from Avaya but the instructions on the server side are for an Identity Engines Ignition Radius Server. Can someone point me to a write-up or guide online using windows server? I tried different combination of vendor specific setting and values but even when the server says it granted access the switch says access denied.Thank you in advance

- Add the specific device as a RADIUS client with the corresponding shared secret- You can create a connection request policy. It is is not required but it eases distinction of policies- Create a network policy and have a condition of friendly name or nas IP-address of the ERS8600 added- Also have the specific user group added of which you, as an ERS8600 admin, are member of.- In the constraint tab, add Microsoft: Protected EAP as a EAP method.- Enable MSCHAPv2 (EAP-MSCHAPv2). If this does not work add the less secure PAP/SPAP methods- Then in settings, add a VSA with vendor radius standard and a value of 6 (RWA).- Edit the VSA and enter vendor code 1584. Select yes it conform (RADIUS RFC)- click configure attribute and use value 192 for Vendor-assigned attribute, atrribute format decimal and attribute value 6 (RWA).

Apply the config to NPS and you should have a working setup.

Be aware! Unfortunately EDM does not recognize the atribute value returned by RADIUS, resulting in an Always RWA ccess regardless the value being set (even RO)! I've addressed a feature request at Avaya last year, but I assume it will take a long time to get this added within EDM.